Identity provider - Active Directory Federation Services
- Daniel Balog
Windows server configuration
Open ID connect requires ADFS 4.0 - Windows Server 2016 or later.
The server needs the Active Directory Federation Services role installed and configured. For the official Microsoft guide, refer to Install the AD FS Role Service
Step 1 - Connect to the server with AD FS role and open the AD FS Management
Step 2 - Navigate to Application Groups / Add application group
Step 3 - Select the Server application accessing a web API template and name the application group (optional)
Step 4 - Click next, note the Client Identifier and add the redirect URI in the format: https://hostname-of-server/verba/ssoAdal
Step 5 - Select the Generate shared secret option, note the secret
Step 6 - Add the redirect URI in the format: https://hostname-of-server/verba/
Step 7 - Configure the MFA if required. For the official Microsoft guide, refer to Configure Additional Authentication Methods for AD FS
Step 8 - Add the openid permission for the server application
Verba configuration
Fill the required fields based on the description
| Name | Description |
|---|---|
| Client ID | The ADFS identifier noted in step 4 |
| Client Secret | The ADFS secret noted in step 5 |
| Authority | The server with the ADFS role in https://adfs-server/adfs format |
| Certificate | CA or server certificate in Base-64 encoded X509 |